Closed jakedoublev closed 1 week ago
@jakedoublev I'm wondering if we want the client to return some value to verify they was to perform this destructive behavior. For instance if you want to delete you need to provide the id and the name.
Then we can just pass the user's input from CLI or web directly to the server. No need for user clients to add that layer.
@jakedoublev I'm wondering if we want the client to return some value to verify they was to perform this destructive behavior. For instance if you want to delete you need to provide the id and the name.
That's a good idea @jrschumacher. I think the behavior that would guard against is a mistaken UUID being utilized to delete the policy object. Some other options would be:
acknowledgeRisk: boolean
fqn
instead of its name/value to indicate an understanding of its place in the policy graphOf those, I think 1 is too burdensome and 2 is awkward and clunky. Your suggestion is great to prevent a mistake and for consumer DX/UX downstream, and requiring the FQN instead of just the object name/value will require the user to know it, copy/paste, or type it in, which is good.
I think reactivation
is okay with just an id
because it is not cascading (like delete
), which is most dangerous, and unsafe update
s are likely also fine with just the id
and the mutations.
The protos ensure gencode in each language and the HTTP path behind /unsafe
will indicate the danger of these mutations.
First PR related to #115